Vulnerability Details CVE-2016-7091
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.6%
CVSS Severity
CVSS v3 Score 4.4
CVSS v2 Score 4.9
References
- http://www.securityfocus.com/bid/92615
- https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html
- https://rhn.redhat.com/errata/RHSA-2016-2593.html
- http://www.securityfocus.com/bid/92615
- https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html
- https://rhn.redhat.com/errata/RHSA-2016-2593.html
Products affected by CVE-2016-7091
-
cpe:2.3:o:redhat:enterprise_linux:-
-
cpe:2.3:o:redhat:enterprise_linux:10.0
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux:4
-
cpe:2.3:o:redhat:enterprise_linux:4.0
-
cpe:2.3:o:redhat:enterprise_linux:4.4
-
cpe:2.3:o:redhat:enterprise_linux:4.5
-
cpe:2.3:o:redhat:enterprise_linux:5
-
cpe:2.3:o:redhat:enterprise_linux:5.0
-
cpe:2.3:o:redhat:enterprise_linux:5.1.0
-
cpe:2.3:o:redhat:enterprise_linux:5.11
-
cpe:2.3:o:redhat:enterprise_linux:5.4
-
cpe:2.3:o:redhat:enterprise_linux:6
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:6.1
-
cpe:2.3:o:redhat:enterprise_linux:6.10
-
cpe:2.3:o:redhat:enterprise_linux:6.2
-
cpe:2.3:o:redhat:enterprise_linux:6.3
-
cpe:2.3:o:redhat:enterprise_linux:6.4
-
cpe:2.3:o:redhat:enterprise_linux:6.5
-
cpe:2.3:o:redhat:enterprise_linux:6.6
-
cpe:2.3:o:redhat:enterprise_linux:6.7
-
cpe:2.3:o:redhat:enterprise_linux:6.8
-
cpe:2.3:o:redhat:enterprise_linux:6.9
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:7.1
-
cpe:2.3:o:redhat:enterprise_linux:7.2
-
cpe:2.3:o:redhat:enterprise_linux:7.3
-
cpe:2.3:o:redhat:enterprise_linux:7.4
-
cpe:2.3:o:redhat:enterprise_linux:7.5
-
cpe:2.3:o:redhat:enterprise_linux:7.6
-
cpe:2.3:o:redhat:enterprise_linux:7.7
-
cpe:2.3:o:redhat:enterprise_linux:7.8
-
cpe:2.3:o:redhat:enterprise_linux:7.9
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:8.1
-
cpe:2.3:o:redhat:enterprise_linux:8.3
-
cpe:2.3:o:redhat:enterprise_linux:8.3.0
-
cpe:2.3:o:redhat:enterprise_linux:8.4
-
cpe:2.3:o:redhat:enterprise_linux:8.5.0
-
cpe:2.3:o:redhat:enterprise_linux:8.6
-
cpe:2.3:o:redhat:enterprise_linux:8.7
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux:9.1
-
cpe:2.3:o:redhat:enterprise_linux:as_3
-
cpe:2.3:o:redhat:enterprise_linux:as_4
-
cpe:2.3:o:redhat:enterprise_linux:es_3
-
cpe:2.3:o:redhat:enterprise_linux:es_4
-
cpe:2.3:o:redhat:enterprise_linux:ws_3
-
cpe:2.3:o:redhat:enterprise_linux:ws_4
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0